socket over TLS - c

I am implementing a socket which accepts connections using TLS.
I found some information on SO on how it can be implemented using OpenSSL: Turn a simple socket into an SSL socket
My question is:
Do I have to use OpenSSL (or some other library) to implement a TLS-compatible socket? Are there any standard C methods to implement it?

There is no standard C library for TLS. There is OpenSSL, which is used a lot and works on many platforms, but there are also platform-specific libraries like SChannel (Microsoft) or Secure Transport (Apple). And there are many more cross-platform ones like NSS, GnuTLS, Botan, ... . See Wikipedia: Comparison of TLS implementations for more information.
Of course, you could in theory implement everything yourself, but TLS is a complex protocol. And implementations of cryptographic stuff are much harder to get fully right than most other programming tasks, so better use an established library.

Related

Partially Porting PJLIB - Without IOQUEUE, select abstraction, and socket abstraction API

I would like to use the PJSIP library to implement a small SIP softphone on an embedded system. Since this embedded system does not offer Linux or support POSIX, I would like to port the PJLIB library only partially, as described here (https://www.pjsip.org/porting.htm#mozTocId30930). The threading function can be deactivated via a macro, but I'm not quite sure yet how I have to set up this new transport function or where exactly it has to be included so that I can also bypass the IOQUEUE implementation and the PJLIB socket abstraction.
On my embedded system (Keil RTX) I can allocate a UDP socket and register a callback which is called on a network event. I also have a send function which I can use to send data packets. Although I have already looked into the stack, I can't find a way to get started.
Has anyone already dared to do the partial porting and can give me some brief assistance? Thank you!
See how the Symbian port worked (I think it might have been removed from recent versions, but it should still be downloadable) - it was also based on non-POSIX sockets. Create your own platform-specific socket file and ioqueue file.

Client/Server communication using TCP/IP under TLS 1.3

I want to write a client and server in C preferably, simple C++ if necessary.
The server will run on some flavor of Linux, the client is for testing the server.
I want to ensure messages are received and error free; therefore I will use TCP.
I want them to communicate securely; thus I will use the latest version of TLS (v1.3).
I intend to use the GnuTLS library for these reasons:
Actively updated by reputable open source project
License permits selling product
Given the above, if implemented and tested, I could claim that the client/server communication is secure, reliable (a.k.a. assured), and error-checked. Yes?
Am I missing something? Is anything patently false?
Edit: certificates... I think I'm missing something about certificates to protect against man-in-the-middle attacks...
TLS is a complex topic. Depending on your specific code, the TLS connection might succeed even if you fail to properly validate the certificate. Thus, just based on what you state so far in your question, it cannot be assured that the data are transferred with proper end-to-end protection and that no man in the middle can manipulate the data.
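The point of the answer above, that a TLS handshake can "succeed" with no peer validation at all, is easiest to see with the same server contacted by differently configured clients. The following is an added example, not code from the question, the answer or any of the libraries named on this page. It is written in Go rather than C because Go's standard library can mint a certificate and run TLS 1.3 entirely in-process on a loopback port, so it runs offline with nothing installed; the server name, the loopback port and both throwaway certificates are constructed here. The four client cases map onto the knobs you would set in a C library: in OpenSSL, SSL_VERIFY_NONE versus SSL_VERIFY_PEER in SSL_CTX_set_verify plus SSL_set1_host for the name check; in GnuTLS, gnutls_session_set_verify_cert or gnutls_certificate_verify_peers3 after the handshake. It also stands in for the "socket which accepts connections using TLS" at the top of the page: accepting is a library call, not something plain sockets give you.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Outcome is what one client attempt observed: Err is nil and Version non-zero only if
// the handshake completed; PeerCN is whatever name the server presented.
type Outcome struct {
	Version uint16
	PeerCN  string
	Err     error
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// selfSignedCert mints a throwaway ECDSA P-256 certificate valid for 127.0.0.1 (constructed
// in-process for this example; a real deployment uses a key and certificate issued out of band).
func selfSignedCert(name string) (tls.Certificate, *x509.Certificate) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")}, // the SAN the client will check
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	leaf, err := x509.ParseCertificate(der)
	must(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, leaf
}

// listenTLS13 accepts connections on a loopback port, completes the server-side handshake and
// closes; that is all the server needs to do for the client-side verification to be observable.
func listenTLS13(cert tls.Certificate) net.Listener {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13})
	must(err)
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			c.(*tls.Conn).Handshake() // a client that rejects our certificate simply ends this connection
			c.Close()
		}
	}()
	return ln
}

// dialOnce runs one client handshake; certificate verification, if cfg asks for any, happens inside tls.Dial.
func dialOnce(addr string, cfg *tls.Config) Outcome {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return Outcome{Err: err}
	}
	defer conn.Close()
	st := conn.ConnectionState()
	return Outcome{Version: st.Version, PeerCN: st.PeerCertificates[0].Subject.CommonName}
}

// RunDemo starts one server and tries four client configurations against it.
func RunDemo() map[string]Outcome {
	serverCert, serverLeaf := selfSignedCert("the-real-server")
	_, strangerLeaf := selfSignedCert("somebody-else") // stands in for what an on-path attacker could present
	ln := listenTLS13(serverCert)
	defer ln.Close()
	trusted, wrong := x509.NewCertPool(), x509.NewCertPool()
	trusted.AddCert(serverLeaf)
	wrong.AddCert(strangerLeaf)
	cases := map[string]*tls.Config{
		// Handshake succeeds, but the peer is never checked: a man in the middle gets through.
		"skip-verify": {InsecureSkipVerify: true, MinVersion: tls.VersionTLS13},
		// Chain check against a trust anchor the server's certificate does not chain to.
		"wrong-root": {RootCAs: wrong, MinVersion: tls.VersionTLS13},
		// Right anchor, but the certificate is not valid for the name the client expects.
		"wrong-name": {RootCAs: trusted, ServerName: "not-the-server.example", MinVersion: tls.VersionTLS13},
		// Anchor and name both match: the only configuration here that resists a man in the middle.
		"verified": {RootCAs: trusted, MinVersion: tls.VersionTLS13},
	}
	out := make(map[string]Outcome, len(cases))
	for name, cfg := range cases {
		out[name] = dialOnce(ln.Addr().String(), cfg)
	}
	return out
}

func main() { fmt.Printf("%+v\n", RunDemo()) }
```

Running it shows that "skip-verify" and "verified" both negotiate TLS 1.3 and both see the certificate named the-real-server; the difference is that only the second case would have refused somebody-else's certificate. "wrong-root" fails with an unknown-authority error and "wrong-name" with a hostname error, which is what the answer means by the connection succeeding or failing depending on what your code actually checks.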

Windows C socket programming for UDP client

I am trying to look up some example programs for Windows sockets. Particularly, I am interested in writing a client in C (in Visual Studio) which communicates with the server using UDP. I didn't find any concrete material. I tried some examples but got some linking errors. Is there any library available? Please let me know.
Thanks in advance.
The Apache Portable Runtime supports sockets, and it is cross platform.
I've found a simple library which provides an implementation of networking, but it is for C++ (C++ Socket Class for Windows). You can look at its implementation of working with sockets, or just use it (there are examples of a simple client and server).

Confused about OpenSSL non-blocking I/O

In general, the OpenSSL library (C API) seems to offer two ways to do everything: you can either use plain system sockets configured to your liking, or you can use OpenSSL BIO objects which are sort of like streams.
However, I'm often confused by some of the duplicated functionality. For example, how do you make an SSL connection non-blocking? One way seems to be to simply access the underlying file descriptor and set it to non-blocking using fcntl. But there is also an OpenSSL API function called BIO_set_nbio which takes in a BIO* object and sets it to non-blocking mode.
So what is the best way to set up a non-blocking SSL socket? What happens if you pass OpenSSL a native file descriptor which is already set to non-blocking mode via fcntl? Do you still need to specifically call BIO_set_nbio to make the BIO object non-blocking?
I think most people prefer the BIO interface, but the BIO routines just use whatever native non-blocking socket APIs that are available on the platform. I don't know what happens if you mix and match.
Note that non-blocking I/O for SSL is much trickier than for TCP in general. If you don't understand this going in, you're going to be torturing yourself. There are books by John Viega and another by Eric Rescorla that go into this, and you can certainly read the OpenSSL mailing list to get a sense of the heartburn this has caused. Some good code examples showing non-blocking SSL programming with OpenSSL are contained in the software for the Tor project and the curl utility.

HTTPS with Linux sockets?

I need to send an HTTP request to a server using HTTPS on Linux using plain sockets. Is there a way to do this?
Code is appreciated.
Thanks
You can encrypt the traffic with the OpenSSL library. Here is an example HTTP client: http://www.w3.org/Library/src/HTTP.c
You need an implementation of TLS (Transport Layer Security, formerly known as Secure Sockets Layer, specified in RFC 5246), whether it be OpenSSL, GnuTLS, Ajisai, yaSSL, NSS, or your own implementation (not recommended).
I think you'll need to use an SSL library, such as OpenSSL (which should be available on nearly every Linux system, or trivially available if not installed by default). AFAIK, there is no way to do SSL with only a basic Berkeley-style sockets implementation.
